MFA is not effective against legacy authentication protocols. “No problem though,” I hear you say, “all our users are protected by MFA, and MFA can block almost all account compromise attacks.” Whilst that statement is certainly true ( over 99.9% true according to Microsoft), what is commonly overlooked is that MFA can only block account compromise attacks where modern authentication is being used. No doubt the information contained in the mailboxes of these users could be useful for any number of further hacking activities. Through various nefarious means, a hacker has managed to obtain a list of compromised username and password combinations for your organisation – including some C-level executives. Let’s run through an example of why legacy authentication represents such a security risk.
0 Comments
Leave a Reply. |